Guidance

Cross-government communities of practice privacy notice

Published 20 May 2021

© Crown copyright 2021

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/cross-government-communities-of-practice-privacy-notice/cross-government-communities-of-practice-privacy-notice

Communities of practice are professional networks with members from across government. Members join to meet, learn, share knowledge and tackle common problems. Community organisers collect personal data to manage their community of practice.

Cross-government communities of practice are provided by the Government Digital Service (GDS) and the Central Digital and Data Office (CDDO), which are part of the Cabinet Office. The data controller for GDS and CDDO is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.

Why we need your data

For a number of the activities that we undertake to manage the communities of practice, we need to process personal data. These activities include:

  • managing membership of the community that you have signed up to
  • enabling communication and collaboration between community members
  • managing feedback, including gathering it to improve our management of the community, and responding to it if you have asked us to
  • provision of news and updates about the community of practice that you have signed up to, including:
    • learning and development opportunities
    • invitations to share best practice between the community
    • relevant information and guidance
    • ways to take part in the community

What data we collect from you

We collect certain information and data about you when you sign up to one of our communities of practice.

We collect your:

  • name
  • business contact details

Mailing list, newsletters and updates

If you sign up to our mailing list (which might be via an online newsletter platform, an email group or business email) we will collect your:

  • name
  • email address
  • IP address (if subscribing to a newsletter through a sign-up form)
  • date and time an email is opened (if subscribed to an online newsletter)
  • what links you click on (if subscribed to an online newsletter)

We may also list on our communication tool if you’re a GOV.UK publisher, have attended one of our events or are part of a non-content profession (for example a press officer) to ensure you get the right information.

To unsubscribe from mailing lists and newsletters you can:

  • use the link on the newsletter
  • remove yourself from a Googlegroup

Collaboration Tools

When you use our collaboration tools and platforms we may additionally collect your:

  • user profile on the tools and platforms

If we communicate with you via video conference or virtual collaboration platforms, the information may also include your image or voice.

Where we use our suppliers to provide video conferencing and online collaboration tools, the information may also include IP address and session data. You can refer to the privacy policies of the suppliers when accessing their tools for more information.

Recording the communication and collaboration

If the collaboration is via video conference or online collaboration platform, we may record it. When this happens, we’ll inform you in the invitation to the session that recording will take place, and again at the start of the session before recording begins. The full consent process for recording virtual events is managed on an event by event basis.

The legal basis for processing your personal data is in the exercise of a public task. Cross-government communities of practice are provided to improve standards, output and quality across government, and to help public sector workers to do their job.

When we record events that are held virtually, the legal basis for processing your data is your consent. The full consent process is managed on an event by event basis. However, if you do not want to be recorded during a virtual event, you can simply turn your camera and microphone off.

For those not working for the public sector, we process your information on the basis of your consent. Your consent to:

  • joining the community of practice is given when you ask to join
  • receiving news and updates is given when you opt in to receive news and updates

To withdraw your consent, you can simply opt out of the mailing list, or contact your community of practice liaison.

What we do with your data

GDS and CDDO use third party applications to facilitate collaboration with other government departments, including sharing:

  • information
  • news and updates

We also use the following applications:

  • mailing list providers when you sign up to receive emails, news and updates from us
  • video conferencing and online collaboration tools when you join virtual collaboration sessions
  • software collaboration platforms when you share material, feedback or make a contribution
  • support providers when you contact us for assistance

These applications are ‘data processors’, which means they process personal data on behalf of GDS and CDDO. Some of these data processors may also process:

  • your IP address
  • session data

Some of our data processors use a technology in the emails that means we can see when you open an email or click on certain links. The information is used to create reports that show how an email performed and what actions people took from it.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

How long we keep your data

We will keep your personal data for 3 years or until consent is withdrawn (if we are relying on your consent).

Where your data is processed and stored

As your personal data is stored on our IT infrastructure and shared with our data processors, it may be transferred and stored securely outside the United Kingdom. Where that is the case it will be subject to equivalent legal protection through the use of Standard Contract Clauses or Adequacy Decisions.

We also design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties who process personal data for GDS are required to keep that data secure.

Children’s privacy protection

We do not design or promote services for children who are 13 years of age or younger, and we do not intentionally collect or keep data about anyone under the age of 13.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data
  • that anything inaccurate in your personal data is corrected immediately

You can also:

  • raise an objection about how your personal data is processed
  • request that your personal data is erased if there is no longer a justification for it
  • ask that the processing of your personal data is restricted in certain circumstances

If you have any of these requests, get in contact with our Privacy Team - you can find their contact details below.

If your personal data is processed on the basis of consent, you have the right to:

  • withdraw consent to the processing of your personal data at any time
  • request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format

Changes to this notice

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.

Questions and complaints

Contact the GDS Privacy Team if you either:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SARS)

Email: gds-privacy-office@digital.cabinet-office.gov.uk

The contact details for the Cabinet Office’s Data Protection Officer are:

Data Protection Officer

Cabinet Office
70 Whitehall
London
SW1A 2AS

You can also complain to the Information Commissioner, who is an independent regulator.

Information Commissioner's Office

Email icocasework@ico.org.uk

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860

Back to top